[Security] remove plaintext password hasher usage
#20986
Conversation
| memory_cost="10" | ||
| /> | ||
| </config> | ||
| <when env="test"> |
There was a problem hiding this comment.
I'm not super confident on these xml/php config changes - please review.
| memory_cost="10" | ||
| /> | ||
| </config> | ||
| <when env="test"> |
There was a problem hiding this comment.
should be <srv:when> as this code snippet defines the SecurityBundle XML namespace as the default namespace and uses the srv alias for the XML namespace of the DI component
There was a problem hiding this comment.
hmm, actually, this XML code snippet is already a mess, as it mixes cases, sometimes using a security alias (not registered on the top-level element) for nodes of the SecurityBundle config
There was a problem hiding this comment.
What should we do here? Can this snippet be fixed easily? Otherwise, we could just remove it. Symfony plans to remove XML config support "soon", so this is not important. Thanks.
I think we shouldn't promote using the plaintext hasher at all.
Context:
testenvironment recipes#1024